The Solana Foundation is offering a monetary reward of $400,000 to anyone who can identify a code that could potentially halt the Solana network, as revealed by Jacob Creech, Head of Developer Relations at Solana. The announcement came through Creech’s Twitter post on 13th October 2023. The bounty is part of Solana’s bug bounty program aimed at discovering and rectifying critical vulnerabilities to ensure the network’s robustness and security.
Bounty for Liveness Loss
The specific bounty of $400,000 is categorized under “Liveness / Loss of Availability” in Solana’s Security Bug Bounties program, which covers incidents where consensus halts and requires human intervention including eclipse attacks, remote attacks partitioning the network. The reward is paid in locked SOL tokens with a lockup period of 12 months.
Reporting and Response Process
Solana has a well-defined process for reporting, reviewing, and addressing security issues. Individuals discovering a potential vulnerability are instructed to report it through a designated “Report a Vulnerability” link rather than creating a GitHub issue. The Solana Labs team typically responds within 72 hours, following which a triage and fix preparation process ensues. Once a fix is ready, it’s communicated to the network validators using the “Solana Red Alert” notification system, ensuring a coordinated effort to address the vulnerability.
Besides the aforementioned category, Solana’s bug bounty program includes other categories like “Loss of Funds,” “Consensus/Safety Violations,” and “DoS Attacks,” with rewards ranging from $100,000 to $2,000,000. These bounties reflect Solana’s commitment to maintaining a secure and reliable blockchain network by incentivizing the discovery and reporting of potential security threats.
Eligibility and Payment
To be eligible for the bounty, submissions must include an exploit proof-of-concept. The Solana Foundation has outlined a clear process, including KYC (Know Your Customer) procedures and a participation agreement that needs to be adhered to by the participants. The bounties are awarded on a rolling or weekly basis, and are paid out within 30 days upon receipt of an invoice, with the SOL/USD conversion rate being determined by the market price of SOL at the end of the day the invoice is submitted.
In summary, the Solana Foundation’s proactive stance towards identifying and rectifying potential security threats through substantial bounties reflects its continuous effort to uphold network integrity and ensure a secure blockchain environment for its users and developers.
Image source: Shutterstock